Michael Dortch – ITChronicles
https://www.itchronicles.com
Learn, grow, engage and act!
Thu, 21 Mar 2019 13:52:35 +0000

Venafi: Bringing Identity and Access Management (IAM) to Machines
Tue, 11 Dec 2018 15:23:00 +0000
https://www.itchronicles.com/security/venafi-bringing-identity-and-access-management-iam-to-machines/

Identity and access management, or IAM, has been a focus of cyber security experts and solution vendors for years. However, that focus has been almost exclusively on IT users. Now, with new funding, a vendor focused on bringing IAM principles to machines will soon expand its efforts and market presence.

On November 29, machine identity protection provider Venafi announced the closing of a $100-million round of financing. The lead investor is TCV, an early backer of such companies as Airbnb, Netflix, Splunk, and Spotify. TCV was joined in this funding round by previous Venafi investors QuestMark Partners and NextEquity Partners.

Venafi plans to use the funding to grow its leadership in its primary market. To this end, $12.5 million of the investment will be used to launch what Venafi calls the Machine Identity Protection Development Fund. The fund is intended to “accelerate the integration of machine identity intelligence into a wide range of machines in the enterprise,” Venafi said in a statement.

Why Machine Identity Management Matters

User IDs and passwords are widely used to authenticate legitimate IT users and reject unauthorized access attempts. However, rigorous authentication of the devices across an IT estate is inconsistent at best. This presents significant cyber security challenges, which are growing thanks to multiple trends, including cloud computing and the Internet of Things (IoT).

The Venafi platform uses cryptographic keys, digital certificates, and other methods to authenticate and secure machine-to-machine connections and remediate challenges automatically. Trusted machines are defined by business goals and needs, and prevented from communicating with untrusted machines, improving security and reducing risk.

Venafi: Poised for Growth

Venafi claims to hold more than 30 patents, and to have as clients four of the top five banks in the U.S., the U.K., Australia, and South Africa. The company says its solutions are also used by the top five health insurers, the top five airlines, and four of the top five retailers in the U.S. The company is clearly experienced in helping improve cyber security for some of the most risk-averse industries and companies in the world. This latest round of funding should result in greater awareness of the need for machine identity protection, and more solutions from more enterprise IT solution providers.

Machine identity and access management is clearly a space worth watching. With this latest funding, Venafi could spur the growth and development of a significant element of the complex, ever-evolving cyber security ecosystem. Which makes Venafi a company worth watching, too.

Data Analytics Leader Yellowfin BI Delivers on New Visions of Data-Driven Decisions and Stories
Tue, 27 Nov 2018 15:11:46 +0000
https://www.itchronicles.com/big-data/data-analytics-leader-yellowfin-bi-delivers-on-new-visions/

Halloween may be an already-faded memory, but it was also when a data analytics company called Yellowfin BI introduced new tricks and treats for businesses that use data to drive decisions. Recently, Yellowfin announced immediate availability of two new solutions, Yellowfin Signals and Yellowfin Stories. Each is designed to enable better business decisions by providing innovative...

Yellowfin Signals: Beyond the Dashboard

Business dashboards are very popular, because they consolidate and present diverse data in forms that promise easier understanding and faster time to action. Many, however, are much better at enabling creation of fanciful interfaces than they are at revealing the underlying data. Almost every business dashboard presents data analytics based on recent or historical data, not what’s happening now.

Yellowfin Signals runs continuously in the background. It uses artificial intelligence (AI) to scan data sources for patterns, trends and unusual events. When it detects anything noteworthy, it automatically scans and correlates relevant data from other sources. It then delivers an alert to designated recipients, equipping them with sufficient data analytics to choose and agree upon a course of action quickly.

In a sense, Yellowfin Signals turns “cat eyes” on your business data. Cats can’t see detail at a distance or color as well as we can. Their eyes, however, are much better than ours at detecting nearby motion, which could be dinner or a predator. Yellowfin Signals helps decision makers focus on events and relationships within their business data that deserve further attention – the signals, not the noise.

Yellowfin Stories: Better Stories Mean Better Decisions

The company positions Yellowfin Stories as “the first-ever data-storytelling product.” It lets users collect data from multiple online sources, including dashboard tools from other vendors. Yellowfin Stories then provides the tools to curate multiple data streams into a single story, complete with supporting data.

As businesses evolve into agile, project-based teams and pursue digital transformation, significant changes in infrastructure, operations and culture are often needed. To make these changes, those leading each pursuit must be able to convince stakeholders, including executives and colleagues, to support their efforts. The ability to tell more credible, compelling stories can be a great aid to these and other initiatives at almost any business.

Yellowfin: The Rest of The Story

Yellowfin was founded during 2003, and the company has had a singular focus throughout its existence: revealing the “why” behind every business decision faster. Yellowfin Signals and Yellowfin Stories combine innovative technologies with flexibility and ease of use. They can help decision makers discover challenges and opportunities, plan actions in response and gain support for those actions with credible, actionable data analysis.

In its announcement of the two new offerings, the company quoted John Santaferraro, Research Director at Enterprise Management Associates (EMA). “EMA considers Yellowfin to be a leader in the use of AI, machine learning, contextual storytelling, and social communication for business intelligence.” After seeing the new offerings and talking with the CEO and the lead developer, I’d have to agree, and so does Gartner. It ranked Yellowfin among the top five vendors across all 15 Gartner Critical Capabilities for Analytics and Business Intelligence Platforms. Yellowfin also has approximately 27,000 organizations as clients, so there’s a track record behind the promise of the new offerings.

Yellowfin Signals and Yellowfin Stories are each available as standalone solutions. They can also be implemented as elements of the Yellowfin Suite, which also includes tools for data discovery and preparation, and for creating dashboards. If data drives decisions at your business – and it should – you ought to check what Yellowfin has to offer. I think their latest offerings signal the appearance of some pretty compelling stories during the near future – and probably even before next Halloween.

IBM Buys Red Hat: Analysis and Opinion
Wed, 31 Oct 2018 13:16:06 +0000
https://www.itchronicles.com/company-news/ibm-buys-red-hat/

IBM and Red Hat: What Happened

IBM bought Red Hat, a long-time leader in enterprise open-source software and cloud-based computing solutions. The deal is valued at US$34 billion, and is reportedly the largest deal in the software industry’s history.

IBM and Red Hat: What It Means

Open-source software solutions and subscription pricing are now “officially” safe for the enterprise. Enterprises have been running critical applications on open-source platforms for years now. Red Hat has been a leading supplier to those enterprises since it began bundling tools and support with the Linux open-source operating system in 1993. The combination of Red Hat’s success and IBM’s imprimatur is all but guaranteed to remove any lingering doubts about whether open-source solutions are ready or safe for enterprise computing.

IBM is poised to leapfrog to a leadership position in the hybrid-cloud market. So-called “container” technologies are driving growth in enterprise hybrid cloud deployments. Containers allow applications to run anywhere, whether on a public or private cloud platform or a premises-based server in a corporate data center.

Red Hat’s OpenShift container application platform extends the popular, open-source Kubernetes container orchestration solution with what Red Hat calls “enterprise features.” These include technologies such as certified application services, databases, middleware, and third-party solutions. They also include operational elements, such as available 24×7 support and a security response team.

IBM has been seen as an also-ran in the enterprise cloud computing market, with Amazon Web Services and Microsoft Azure gaining most of the market share and positive perception. (Dell, Hewlett Packard Enterprise (HPE), and others also offer enterprise hybrid cloud solutions.) With its acquisition of Red Hat, IBM could rapidly change both market dynamics and its perception by others.

More cloud-focused mega-deals to come? This is the third multi-billion-dollar acquisition of an open-source company by a more traditional software company this year. In May, Salesforce completed its acquisition of “application network platform” provider MuleSoft for US$6.5 billion. In June, Microsoft agreed to pay US$7.5 billion for source code repository and code-sharing and collaboration service GitHub.

Financial and technology industry analysts have already begun speculating about future takeover targets. Candidates for takeover mentioned in the media include identity management solution provider Okta, cyber security company Palo Alto Networks, and even enterprise cloud computing pioneer ServiceNow. While no one can predict the future, it seems safe to assume that almost no software company is too big to be considered a potential acquisition.

IBM and Red Hat: What You Should Do

If your business currently relies on Red Hat solutions for cloud computing, you probably don’t need to do anything. However, it is never a bad idea to gain as much knowledge as possible about planned road maps for the solutions upon which your business relies.

If you’ve been considering Red Hat solutions, you can probably feel at least a little bit safer about their long-term viability in the marketplace. However, you should watch this acquisition closely, especially for signs of cultural or operational mismatch, such as departures of key Red Hat personnel.

If your business has been considering or pursuing hybrid cloud or container-related projects, proceed with both confidence and caution. It is highly unlikely that Red Hat or IBM would intentionally do anything to fragment or confuse the market for open-source container solutions. However, the history of open-source software is pockmarked by disagreements that splintered single solutions into multiple, sometimes inconsistently compatible “flavors.” And attempts to evolve and more closely align previously separate technologies can always have unintended consequences.

TWiTIoT: This Week in The Internet of Things – Arm-ing the IoT: Rule, Britannia?
Fri, 28 Sep 2018 18:47:50 +0000
https://www.itchronicles.com/iot/twitiot-this-week-in-the-internet-of-things-arm-ing-the-iot-rule-britannia/

Greetings, and welcome. This week, a recap of and some reflections on recent IoT-related announcements centered around one of the world’s leading chipmakers that isn’t Intel or AMD. As always, your thoughts, reactions, and suggestions welcome. Just send a quick email to medortch@dortchonit.com. And for more on the IoT and IIoT, check out “DortchOnIT’s Industrial Internet of Things (IIoT) Weekly.” Thanks.

Arm Aims to Support the IoT from End to End

What Happened: UK-based semiconductor giant Arm Holdings announced its latest IoT-related acquisition, and a new end-to-end IoT platform.

As ZDNet reported, Arm announced its acquisition of Treasure Data, a company focused primarily on data management solutions. Terms were not disclosed.

Arm also announced the Pelion IoT platform. The offering combines data management from the Treasure Data Platform with Arm’s own Mbed device management. It also incorporates connectivity management Arm acquired when it purchased Stream Technologies in June.

The Pelion platform promises secure, “device-to-data” IoT connectivity, and faster deployment and adoption of IoT solutions. It “enables companies to manage IoT devices at scale, working on public and private clouds, on-premises and in hybrid environments. It runs through a unified billing system that lowers infrastructure costs and reduces integration complexity, Arm said.”

In May, Arm announced its Cortex-M35P processor. As ZDNet reported at the time, the chip is “designed to prevent physical attacks against Internet of Things (IoT) devices.” Such “hardware-level attacks can result in the leak of sensitive information or changing the compromised device’s behavior.”

The new chip includes the tamper resistance used in Arm SecureCore processors. The Cortex-M35P also “includes Arm TrustZone technology to give developers access to software isolation, which can be used to embed additional layers of payment or telecom-certified security.” Arm said the chip can also be certified to comply with ISO 26262, the International Organization for Standardization’s specification for the functional safety of electrical and electronic systems in production automobiles.

Also in May, Arm announced a three-year co-development project with Korea Electric Power Corporation (KEPCO). As ZDNet reported, “Arm and KEPCO will co-develop a chipset with embedded security to be used in South Korea’s national Internet of Things (IoT) smart water meter project.” That project, worth US$1.5 trillion, aims to install 22.5 million meters across all of South Korea by 2020.

What It Means to the Internet of Things

Arm already supplies chips that power many, if not most, smartphones and computing tablets. Arm technologies and intellectual property (IP) are at the heart of multiple chips manufactured by others as well. Its legacy, strengths, and incumbent partner ecosystem could spur rapid adoption of Arm’s new IoT chips and Pelion platform by device and service providers and enterprise users.

What You Should Do

If you manufacture IoT devices or services, or your enterprise is pursuing or considering any IoT deployments, you should dig deeper into Arm’s IoT offerings and activities. Other companies have already announced and begun delivering IoT chips and platforms. Few have combined market and technology strengths that match or exceed all that Arm is bringing to the IoT party.

Published estimates of the number of connected IoT devices in use by 2020 range from 20 to 50 billion. Arm believes there could be a trillion such connected devices in use by 2035. And options for IoT device security are only now beginning to approach acceptable levels. (See “TWiTIoT: This Week in The Internet of Things – Better Security for IoT Devices. For Users? Not So Much.”) If Arm, its technologies, and its ecosystem can deliver on the promise of relatively easy, economical, and non-disruptive end-to-end security, IoT growth could exceed even the most optimistic forecasts. And we just might be able to enjoy the fruits of such growth without having to suffer through too many catastrophic security breaches.

TWiTIoT: This Week in The Internet of Things – Infrastructure Options Expand
Fri, 07 Sep 2018 20:52:59 +0000
https://www.itchronicles.com/iot/twitiot-this-week-in-iot-infrastructure-options-expand/

Greetings, and welcome. This week, encouraging news of coming enhancements to the global IoT infrastructure – including, we can but hope, consistent, effective cyber security. As always, your thoughts, reactions, and suggestions welcome. Just send a quick email to medortch@dortchonit.com. And for more on the IoT and IIoT, check out “DortchOnIT’s Industrial Internet of Things (IIoT) Weekly.” Thanks.

Sprint, Ericsson Partner for Dedicated IoT Network

What Happened: Sprint and Ericsson announced plans to build an IoT-optimized core network and companion operating system.

As Techphlie reported, the two companies “have announced a global relationship to build a distributed and virtualized core network” and “a world-class IoT operating system.” The environment is designed to provide “an optimal flow of device data, enabling immediate, actionable intelligence at the network edge for end users and enterprises.”

The core network will be built to deliver high availability with low latency. The distributed, virtualized architecture will reduce the distance separating data-generating devices and data-consuming applications. Processing nodes on enterprise premises will be an available option, “if necessary, to support specific security, privacy and latency requirements.”

The IoT operating system will offer developers a platform able to consume “enormous amounts of data while delivering immediate intelligence on that data.” It will also support management of device firmware and software configurations and updates, and chip-level security.

What It Means: The combined technological strengths of Sprint and Ericsson could result in an IoT platform that delivers on all of the above promises. Such an environment would be a significant boon to the growth of multiple IoT markets, especially if the promises about security and updates are kept.

What You Should Do: If you manufacture IoT devices or services, or you are pursuing or considering an IoT device or service deployment, you should definitely stay abreast of these developments. This is especially true if you already have a business relationship with Sprint, Ericsson, or both. This could turn out to be a significant enabler of secure, powerful IoT applications, devices, and services. Keep in mind, though, that there will be other alternatives. (See “TWiTIoT: This Week in The Internet of Things – Better Security for IoT Devices. For Users? Not So Much.”)

Scotland Set to Build the UK’s “Most Advanced” IoT Network

What Happened: Scotland announced a £6-million project intended to build the “most advanced” IoT network in the UK.

As Holyrood (“Scotland’s award-winning current affairs magazine”) reported, Scottish government agencies and a private company will invest £6 million in “IoT Scotland.” The network will eschew cellular and Wi-Fi technologies and instead will use “LoRa (long range), a wireless technology that uses certain radio bands to communicate over long distances at low power and low cost.”

The Scottish Government and two economic development agencies will invest just £2.8 million of the £6 million. The balance will come from Boston Networks, a Scotland-based company focused on “the design, installation, and support of smart buildings, smart campuses, and smart cities.”

“Initially, the network will cover Scotland’s seven cities, Glasgow, Inverness, Edinburgh, Aberdeen, Dundee, Perth, and Stirling, with the aim of expanding it throughout Scotland.” The project is projected to take three years.

“Ian Reid, CEO of CENSIS, the Scottish center for sensor and imaging systems, highlighted predictions that there will be 25 billion IoT devices connected by 2025, with only a small number using 3G, 4G or Wi-Fi. He added: ‘Low-power wide-area networks like IoT Scotland are going to become increasingly important – they have the potential to be as disruptive to businesses as the internet has been already to our daily lives.’”

What It Means: The IoT and the build-out of IoT infrastructure is a global phenomenon. Governments and private enterprise can, should, and must partner to encourage and support development and growth of infrastructures that are accessible, interoperable, reliable, and secure.

What You Should Do: If you do business in Scotland or the UK, keep tabs on this project, and expect others to arise across the UK and all of Europe. If your business crosses multiple borders or service areas, keep a sharp eye on what those behind these various projects say and do about security and interoperability.

To go mainstream worldwide, automobiles needed networks of roads and fueling stations. The web needed (and still needs in far too many places) pervasive, affordable access to bandwidth. The promise

TWiTIoT: This Week in The Internet of Things – Better Security for IoT Devices. For Users? Not So Much
Thu, 30 Aug 2018 12:30:15 +0000
https://www.itchronicles.com/iot/twitiot-security-for-iot-devices/

Greetings, and welcome. This week, a promising new approach to more interoperability and security for IoT devices, and yet more proof users need help with passwords. Lots of help. Soon. And often. As always, your thoughts, reactions, and suggestions welcome. Just send a quick email to medortch@dortchonit.com. And for more on the IoT and IIoT,...

Start-Up Aims to Enable Easy, Standardized Security for IoT Devices

What Happened: A new company announced plans to deliver a standard software platform to enable greater security and easier software updates for IoT devices.

As TechCrunch reported, Foundries.io intends to offer “a standard way to secure devices and deliver updates over the air.” The goal is to provide “a long-term solution to the device update problem by providing a way to deliver updates over the air in an automated manner on any device from tiny sensors to smart thermostats to autonomous cars.”

The company offers two different solutions. “The Zephyr RTOS microPlatform is designed for smaller, less complex devices. For those that are more complex, Foundries offers a version of Linux called the Linux OE microPlatform.”

The company is offering three pricing tiers for access to its platform and related resources. A hobbyist and education package is $10 per month. Zephyr RTOS is $10,000 per year, while Linux OE is $25,000 per year. “These are one-time prices and apply by the product, regardless of how many units get sold and there is no lock-in,” according to the company’s CEO.

What It Means: Anything that makes it easy and affordable for IoT device developers to improve the security of those devices is good for them, good for users, and good for the entire IoT market.

This Just In, Again/Still: Users Still Don’t Get Passwords

What Happened: A security audit revealed that more than a quarter of officials in the Western Australian government had inadequate passwords.

As The Washington Post reported, “A security audit of the Western Australian government released by the state’s auditor general this week found that 26 percent of its officials had weak, common passwords – including more than 5,000 including the word “password” out of 234,000 in 17 government agencies.”

The most popular password? “Password123,” used by 1,464 of the accounts audited. Another favorite was “password1,” with 813 users. “Almost 13,000 used variations of the date and season, and almost 7,000 included versions of ‘123.’” “In one case, the auditors were able to access an agency’s network – with full system administrator privileges – by guessing the password: ‘Summer123.’”

“In the wake of the report, the government has agreed to step up its security game. It’s in the process of developing new practices to help employees store their password information more securely. The new Office of Digital Government will house a cyber security team dedicated to improving security practices government-wide.”

What It Means: The Western Australian government has discovered what too many other organizations either already know or haven’t yet figured out. Left to their own devices, users cannot be depended upon to create or manage consistently secure passwords.

What You Should Do: Implement a password management solution, and enforce its use by everyone, whether that’s just you or an entire team, department, or company. Forbid connection by users who don’t create adequate passwords and update them regularly. Wherever possible, implement and enforce two-factor authentication (TFA) as well. In other words, treat every user and device exactly the way you should be treating every attempted IoT device connection to your network. If you can’t secure it and can’t update that security whenever you want or need to, ban it from your environment.

Gartner Magic Quadrant for IT Service Management
Thu, 23 Aug 2018 09:41:01 +0000
https://www.itchronicles.com/itsm/gartner-magic-quadrant-lost-magic/

Has the Gartner Magic Quadrant Lost Its Magic?

If you’re an IT decision maker, one of the most valuable tools you can have is accurate, timely information about your environment, your users, and the solutions you choose. One of the most respected sources of this information has long been Gartner. And some of their highest-profile research products have been Gartner’s Magic Quadrant reports.

Every Magic Quadrant is the work and expertise of highly respected and knowledgeable analysts, and I am not trying in any way to undermine the value of their expertise. But at the same time, I think we need to pause for thought when examining the latest Magic Quadrant for ITSM.

The Magic Quadrant for ITSM: Why It (Still) Matters

The ITSM solution you choose can, in effect, determine the quantity and quality of information that is made available to you about your IT environment and your users. That information can influence or even drive strategic business and technology decisions. So you’re highly motivated to always try to choose the best ITSM solutions for your particular environment and business needs.

In order to do that, you seek out the best information available about those solutions and their vendors. For decades, IT decision makers have looked to the Magic Quadrant reports for enlightenment.

I have just spent some time perusing the latest Gartner Magic Quadrant for IT Service Management Tools, and I am convinced you and your colleagues may want to take a closer look. Not necessarily at the Magic Quadrant itself, but at how much influence it should have on your solution choices. It includes useful information about the market and some of its leading vendors and offerings, to be sure. But in a crowded marketplace, just how relevant can a report that only highlights 13 tools be? How relevant should it be?

Magic Quadrant – is it a Movie or a Still Life?

Despite the fact that there are hundreds of products vying for your attention in this space, this latest Magic Quadrant looks a lot like the past few I’ve seen. Gartner analysts have made just one change to the list of chosen vendors this time out, replacing HPE with Micro Focus, the company that acquired HPE’s former software business. So I guess, in reality, there were no net changes.

The fact that IBM and CA Technologies have been on this list of market leaders for more than a decade lends credence to the perception of a market in stasis. Is this actually the case, and if so is an annual recap of relative vendor positions really that helpful to your solution decisions? Or has it devolved into “the lazy executive’s short list?”

As I have already stated, none of this is meant as a criticism of Gartner, the company, nor its analysts, for whom I have the utmost respect. And the “Context” and “Market Overview” sections of the report should be required reading for IT and ITSM decision makers. As should a companion Gartner report, “Critical Capabilities for IT Service Management Tools.” (If you don’t have access to the latest version, recent past editions can be had easily via an online search, registration at an offering vendor’s web site, and polite refusal of any irrelevant follow-up sales calls.)

But I think the current Magic Quadrant for ITSM does represent an opportunity to pause and reflect. For relatively inexperienced IT decision makers, and those seeking to convince and/or reassure senior managers, the report might be helpful. To more experienced hands, however, it would seem to be, at best, an affirmation of an already familiar reality.

This is likely less true in more emerging and dynamic markets, but for ITSM, the ability of the Magic Quadrant or any similar exercise to shift the trajectory of the market or its leading vendors is doubtful. It may have more influence on vendors “on the cusp” of moving up and/or to the right, or down and/or to the left. For other vendors, their partners, and their customers? Not so much.

The Bottom Line: More Information Needed

It doesn’t really matter whether you view the Magic Quadrant as essential to your ITSM solution selection process, or simply something with which you can placate your boss about your decisions. What Gartner or any other single source says is, and should be viewed as, only that: one set of opinions. Your mileage will vary, based on characteristics ranging from your organization’s size, sophistication, and specific business challenges, to the expertise and agility of your local reseller(s).

A vendor’s presence and position on Gartner’s Magic Quadrant for ITSM comes with no guarantees of that vendor’s ability to deliver success for you and your team. And a vendor’s absence from the Magic Quadrant should not disqualify them from your consideration, if you’ve seen something from them potentially valuable to your organization. Unless, of course, your boss is a risk-averse, reactive avoider of independent thought. Just saying.

What are your views on the value of the Magic Quadrant? Is it a valuable tool when you are considering your next ITSM platform purchase, or just one opinion in a sea of information? Leave us a comment below.

TWiTIoT: This Week in The Internet of Things – Malware in the Air, and Better Health with IoT?
https://www.itchronicles.com/iot/twitiot-this-week-in-the-internet-of-things-malware-in-the-air-and-better-health-with-iot/
Fri, 17 Aug 2018 12:30:48 +0000

Greetings, and welcome. This week, evidence that commercial and military aircraft, ships, and satellites are vulnerable to IoT-borne malware attacks, and efforts to use IoT devices to make medical data more accessible. As always, your thoughts, reactions, and suggestions are welcome. Just send a quick email to medortch@dortchonit.com. And for more on the IoT and IIoT, check out “DortchOnIT’s Industrial Internet of Things (IIoT) Weekly.” Thanks.

Four Years After Disclosure, Vulnerabilities Still Threaten Satellite Systems

What Happened: Researchers demonstrated that vulnerabilities they first disclosed in 2014 still threaten satellite communications systems used by commercial and military aircraft and ships.

As Help Net Security reported, researchers from IT services and cybersecurity provider IOActive in 2014 “revealed security vulnerabilities they found in the most widely deployed satellite communications [SATCOM] terminals.” At that time, the researchers also “presented potential scenarios attackers could exploit once SATCOM systems have been compromised in the aviation, maritime, and military sectors.”

Unfortunately, at this year’s Black Hat conference, IOActive researchers demonstrated that some of the scenarios from 2014 are still possible. “The many vulnerabilities found include backdoors, insecure protocols, and network misconfigurations.” And they could enable “attackers to take control of airborne SATCOM equipment on in-flight commercial aircrafts, earth stations on vessels and those used by the US military in conflict zones.”

The researchers “discovered IoT malware – the Mirai bot, to be exact – on a random vessel with equipment exposed to the Internet. The bot infected the Antenna Control Unit (ACU).” One researcher, while on a commercial flight, discovered a router had been enslaved by a botnet and was “‘performing brute-force attacks against [on-board] SATCOM modems.’”

What It Means: The combined challenges of timely software patch management and inadequate IoT device security are pervasive and persistent – and potentially catastrophic.

IoT Devices Help Make Medical Data More Accessible

What Happened: A research lab is exploring how to harmonize and tame the voluminous health data generated by personal and medical IoT devices.

As Network World reported, “The Medical Device Interoperability Program, or MD PnP, in affiliation with Massachusetts General Hospital and Partners Healthcare, is a hub for research into making medical devices dramatically smarter by making it simpler for them to share the data they gather.”

That data can be overwhelming, with “more and more people being monitored by IoT devices in hospitals and monitoring themselves with Fitbits and Apple watches.” “One challenge is to gather and analyze that data from disparate devices so it provides medical professionals with more complete information about the condition of their patients. Another is to make that process simpler for the IT staff that has to set up the systems.”

The data collection and integration challenges are many, as they are in any IT environment. But the stakes are even higher in healthcare. “There are too many device makers, too many technical hurdles, too many regulatory issues – and the penalty for getting something wrong is that people could die.”

MD PnP researchers believe sensors, software, and those IoT devices can be woven into “an open platform that can be used to seamlessly connect devices without a lot of integration work for IT staff or the expense of hiring outside contractors.” Such a platform could make “more advanced uses of medical technology more freely available to healthcare providers that might not otherwise be able to afford it.”

What It Means: Healthcare is evolving into a crucible for all that is promising and threatening about the growth of IoT devices and connections.

What You Should Do: Your business likely is either a direct participant in the healthcare industry, or a “reseller” and/or consumer of healthcare services. This means whatever your business, you should pay attention to developments such as these. They will very likely affect the range of available products and services, how those are delivered, how they are priced, or all of the above. Even if you have no stake in the healthcare market, if your business is pursuing or considering IoT deployments, you should also watch this space. Healthcare is a market where IoT security may be most critical to the most people. A successful breach could literally become a life-or-death situation.

TWiTIoT: This Week in The Internet of Things – New Warnings from the FBI – and Hawai’i’s Kilauea Volcano!
https://www.itchronicles.com/uncategorized/twitiot-this-week-in-the-internet-of-things-new-warnings-from-the-fbi-and-hawaiis-kilauea-volcano/
Fri, 10 Aug 2018 12:30:16 +0000

Greetings, and welcome. This week, the U.S. Federal Bureau of Investigation (FBI) joins the growing concern about IoT device security. Meanwhile, scientists use IoT sensors to warn of pollution from Hawai’i’s Kilauea volcano. As always, your thoughts, reactions, and suggestions are welcome. Just send a quick email to medortch@dortchonit.com. And for more on the IoT and IIoT, check out “DortchOnIT’s Industrial Internet of Things (IIoT) Weekly.” Thanks.

FBI PSA: IoT Devices Can Enable “Malicious Cyber Activities”

What Happened: The FBI issued a public service announcement (PSA) that highlights the growing popularity of IoT devices as cyber attack vectors.

The PSA, issued by the FBI’s Internet Crime Complaint Center (IC3), states its case pretty plainly in its all-caps headline: “CYBER ACTORS USE INTERNET OF THINGS DEVICES AS PROXIES FOR ANONYMITY AND PURSUIT OF MALICIOUS CYBER ACTIVITIES.”

The FBI announcement also explains how and why hackers and attackers go after IoT devices. Those devices serve “as proxies or intermediaries for Internet requests to route malicious traffic for cyber-attacks and computer network exploitation.” Once compromised, those proxies “provide a layer of anonymity by transmitting all Internet requests through the victim device’s IP address.”

What It Means: The problem of poor IoT device security, already generating significant concern worldwide, gains additional attention. Whether or how much that additional attention will help to improve IoT device security remains to be seen.

What You Should Do: The FBI PSA includes several recommendations to improve your IoT device security.

“Reboot devices regularly, as most malware is stored in memory and removed upon a device reboot. It is important to do this regularly as many actors compete for the same pool of devices and use automated scripts to identify vulnerabilities and infect devices.”

In Hawai’i, Scientists Use IoT to Combat Volcanic Air Pollution

What Happened: A network of IoT sensors is enabling scientists to combat pollution from Hawai’i’s erupting Kilauea volcano.

As the developer-focused web site DZone reported, MIT scientists have joined with Hawai’i’s Kohala Center to create “a Hawai‘i Island Vog Network that provides real-time measurements of hazardous fumes, like sulfur dioxide and particulate matter.” (“Vog” is a combination of smog and volcanic gasses.) The network’s builders “hope to learn more about the transport of pollutants in Hawaii’s atmosphere, while providing the information they find to the public through accessible means.”

Its web site says The Kohala Center “is an independent, community-based center for research, conservation, and education. We turn research and ancestral knowledge into action, so that communities in Hawai‘i and around the world can thrive—ecologically, economically, culturally, and socially.” The MIT scientists involved are members of The Kroll Lab, where they focus on “chemistry of organic compounds in the earth’s atmosphere.”

Kilauea, Hawai’i’s most active volcano, erupted in May. “In a month’s time, Kilauea destroyed around 700 homes, caused at least 21 fissures to emerge, and exposed residents to high levels of sulfur dioxide gas. Even today, these hazardous fumes are seething from the volcano with geologists warning that these eruptions could last for months or years to come.”

“Typically, the Environmental Protection Agency (EPA) creates air quality stations to monitor toxins and pollutants. In the United States, each station costs about $100,000 to get up and running. However, the data they collect isn’t always easily obtainable for the general public.” In contrast, the low-powered IoT sensors of the Hawai‘i Island Vog Network “cost roughly $1,000, and there are minimal recurring costs.” “The sensors’ small size and cost also allow them to be deployed more widely than typical air quality monitors, which means that they capture highly localized air quality data.”

Network connectivity means data can easily be shared with the public and researchers in other locations. MIT and Kohala Center scientists have “already partnered with local schools on the big island to weave in environmental science and data analysis into the curriculum. They will also be launching a website soon with all the information from the sensors, allowing residents to log in and check air quality easily.”

Beyond Hawai’i, MIT scientist David Hagan is deploying IoT sensors and networks to monitor air quality in India. “According to the World Health Organization, India contains 14 of the world’s most polluted cities.” Eventually, “David hopes to gain a complete understanding of atmospheric air quality and strives to help governments mitigate air pollution effects in cities.”

What You Should Do: If you are pursuing or considering an IoT project at your business, look for opportunities to deliver benefits beyond IT. Especially if your business is already considering or deploying smart, connected devices on the factory floor, at the warehouse loading docks, or in the kitchens and break rooms. You should also educate users about why they shouldn’t connect their fitness monitors or smart speakers to the network without at least asking first. Ensuring the security of as many IoT deployments at your business as possible may be the single most valuable IoT-related thing you can do.

TWiTIoT: This Week in The Internet of Things – Even More Fun with IoT Cyber(in)security!
https://www.itchronicles.com/iot/iot-cybersecurity-concerns/
Fri, 03 Aug 2018 12:30:02 +0000

Greetings, and welcome. This week, yet another new survey highlighting the lack of cybersecurity in business IoT deployments, and yet another IoT device vulnerability – 20, actually. As always, your thoughts, reactions, and suggestions are welcome. Just send a quick email to medortch@dortchonit.com. And for more on the IoT and IIoT, check out “DortchOnIT’s Industrial Internet of Things (IIoT) Weekly.” Thanks.

Survey: Full Speed Ahead with IoT – but Without Cybersecurity

What Happened: A new survey of IT and security decision makers indicates that many are proceeding apace with IoT deployments, largely ignoring cybersecurity in the process.

As InfoSecurity Magazine reported, enterprise cybersecurity solutions vendor Trend Micro recently “polled 1150 IT and security decision-makers in the UK, Germany, the US, Japan and France.” Respondents’ companies are “spending an average of over $2.5m each year on IoT projects.”

“Responding organizations suffered an average of three attacks on connected devices over the past year.” Apparently, these were not enough to convince respondents that insecure IoT devices are serious vulnerabilities. “Even though 63% of respondents agreed that IoT-linked attacks have increased over the past year, just half (53%) think they’re a threat to their organization.”

This delusional thinking “might explain why over two-fifths (43%) regard IoT security as an afterthought, and just 38% get security teams involved in the implementation process for new projects. This drops even further for smart factory (32%), smart utility (31%) and wearable (30%) projects.”

What It Means: Knowing that IoT devices create significant cybersecurity risks is apparently not enough to convince IT and security decision makers to invest in defending against those risks.

As Threatpost reported, Cisco Talos researchers found 20 flaws in the Samsung controller. The device “supports a broad spectrum of third-party products – from Philips Hue smart lightbulbs, to Ring video doorbells, as well dozens more smart home products sold under the brands GE, Bose and Lutron.”

The vulnerabilities “’could be leveraged to give an attacker the ability to obtain access to [sensitive] information, monitor and control devices within the home, or otherwise perform unauthorized activities,’ researchers said in a report.”

Samsung has already released patches and a firmware advisory intended to address the vulnerabilities. “[R]esearchers recommended that users verify the updated version has actually been applied to devices to ensure that they are no longer vulnerable.”

What It Means: Even devices designed to help users consolidate and manage connections to multiple IoT devices are vulnerable to hackers and attackers. Unlike many IoT devices, hubs, routers, and controllers can be patched and have their software and firmware updated. But that does not guarantee that every patch and update will be created, released, tested, and implemented in time to defend against every attack.